OT: Virus thing getting scary

Because of the volume of email I get, I have Norton Antivirus and update it automatically every 48 hours or so. It catches about 5-10 infected incoming messages per day. In spite of that, a variant of the KLEZ virus got into my system. So far, only two people have reported that they got infected email from me and I’ve cleaned my system since.

It’s getting scary out there.

Dale

I got a fake message saying that one of my messages to someone was infected with that virus. I had never emailed this person so I was suspicious. This email had a website address to click on. I didn’t click it. I did some checking first. Seems if you click the site listed then you get infected.

What’s with people? Haven’t they got enough to do? Are they just that hateful?

Klez is scary. I’ve had to clean computer after computer of this little monster.

Be aware though, that just because they got an infected email and it had your return address, this doesn’t mean the email actually came from your computer.

Among its other horrid talents, Klez can “spoof” a return address, so that it’s difficult to see where an infected email actually did come from.

If anybody is curious, usually one of the first things you see on a Klez-infected computer is that virus scanners and firewall software won’t run. Klez scans for these ten times a second and kills them when it finds them running.

You can download a tool which will scan for and remove Klez from your system at

http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.removal.tool.html

Best wishes,

–James
http://www.flutesite.com
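
An added example, not part of any post in this thread: one way to check the point above about spoofed return addresses is to compare the address claimed in `From:` with the host that the recipient's own mail server recorded as connecting. The header sample, the host names, and the `border_mx` and `my_ips` parameters are all constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: headers of an infected message as quoted in a bounce.
SAMPLE = """\
Return-Path: <dale@example.org>
Received: from mx.recipient.example (mx.recipient.example [192.0.2.10])
\tby mailstore.recipient.example with ESMTP; Sat, 27 Jul 2002 19:02:11 -0500
Received: from Xkqz (dialup-77.isp.example [203.0.113.77])
\tby mx.recipient.example with SMTP; Sat, 27 Jul 2002 19:02:09 -0500
From: dale <dale@example.org>
To: kathy@recipient.example
Subject: sample

"""

# "from HELO (rdns [ip]) ... by HOST" as written by common mail servers.
RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9.]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

def connecting_client(raw, border_mx):
    """Return (ip, rdns) recorded by the recipient's border MX, or None.

    Only the Received line written by a server you trust is evidence;
    lines below it were supplied by the sender and can be forged.
    """
    msg = message_from_string(raw)
    for hdr in msg.get_all("Received", []):
        m = RECEIVED_RE.search(hdr)
        if m and m.group("by").lower() == border_mx.lower():
            return m.group("ip"), m.group("rdns")
    return None

def classify(raw, border_mx, my_ips):
    """Compare the claimed sender with the host that actually connected."""
    msg = message_from_string(raw)
    claimed = parseaddr(msg.get("From", ""))[1]
    hop = connecting_client(raw, border_mx)
    if hop is None:
        return claimed, None, "unknown"
    verdict = "sent-from-my-host" if hop[0] in my_ips else "spoofed-elsewhere"
    return claimed, hop[0], verdict

if __name__ == "__main__":
    # my_ips: addresses your own machine or ISP relay sends from (assumed).
    print(classify(SAMPLE, "mx.recipient.example", {"198.51.100.5"}))
```

The HELO name (`Xkqz` in the sample) is chosen by the sending program and proves nothing; the bracketed IP is the part the receiving server observed itself.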

Mary,
When downloading e-mail messages I go offline (hangup or disconnect modem) before attempting to read them.
This stops my computer from sending information BACK to the person who sent the mail (usually spam) letting them know your e-mail address is good.
It’s easy for the sender to e-mail a short message that ‘calls’ additional information from a remote website. Often unwanted popup windows appear.
If it’s a legitimate message (like my insurance company) I delete all the unwanted messages first then get back online and open the message again so it can load the needed information.
This won’t stop virus e-mails from entering your system, but (for me) it reduces the time needed to delete junk mail.

You can also configure your email client not to return status on received emails. That way you don’t have to take the trouble to go offline when reading.

–James
http://www.flutesite.com

On 2002-07-27 19:13, peeplj wrote:

If anybody is curious, usually one of the first things you see on a Klez-infected computer is that virus scanners and firewall software won’t run. Klez scans for these ten times a second and kills them when it finds them running.


–James
http://www.flutesite.com

James,
When you say virus scanners and firewall software won’t run, do you mean totally or just when you try to check for the Klez? I received one of the “suspected” emails from “I think” Dale’s computer and 2 other suspicious emails from who knows who. I clicked on the one from Dale and then ran the scan from Yahoo on it and it said it had a virus so that’s when I deleted it. I deleted the others without opening them, and have run my virus scanner and got the all’s clear and my firewall is still responding and blocking those pesky perverts/pirates that are trying to get into my computer. Do you think I am safe for now?

Kathy

McAfee will catch the Klez virus - it does it on mine a couple of times a week.

What it can’t do is clean or delete the infected file - you have to quarantine the damned thing and then go back with your Windows safety stuff off to actually delete the thing.

There’s really no total way around the things - other than simply not being connected at all. Some days, though…

But seriously, one thing that will cut down your virus receipt sharply and virtually eliminate your chance of resending them, is to get a mail manager that doesn’t use that illegitimate child that Microsoft calls a mail manager. Many of the nastier ones are specific to that particular mail program.


Nothing salves a weary soul like a cheap whistle.

[ This Message was edited by: Chuck_Clark on 2002-07-27 21:36 ]

Yea, from my experience, McAfee is a better product than Norton…but then nearly anything is better than Norton. I’ve seen too many instances where Norton didn’t detect specific viruses that were detected by McAfee, PC-cillin and others.

Many ISPs have what’s called Web Mail (or something similar) where you can read your mail directly from their server and you can delete, reply or whatever you want to do without affecting your system at all. Thankfully, my ISP provides this service and I use it faithfully. I use Web Mail first, delete all the junk and suspicious messages, then use my normal e-mail client to download the rest. I own a graphics business and do a lot of online communicating and have never had a virus (knock on the fipple plug of a Clarke original).

Denny

I just use a mail client that isn’t subject to viruses :slight_smile:

If you try to start a virus scanner on a Klez-infected machine, it simply never comes up.

Programs which have real-time monitoring like McAfee and Norton will catch the virus (usually) before it infects the machine (if your signature files are current). Once it’s infected, pretty much the only way to remove it is either get it into safe mode and scan it from there, or obtain a removal tool (such as the URL I gave earlier in the thread).

On Windows XP and Windows ME there is an additional problem–thanks to the “system restore” feature your computer may reinfect itself after you have cleaned the virus off. You should disable system restore before cleaning the virus off your system, and then re-enable it afterwards.

You are at danger from Klez no matter what email client you use (unless you run Linux, in which case you are safe, but by virtue of a more bullet-proof OS).

If you are looking for a good antivirus program, there is an excellent freeware (for personal use) virus scanner available at

http://www.free-av.com

It is at least as good as most of the commercial offerings.

Best wishes,

–James
http://www.flutesite.com

I was thinking that I was immune to viruses because I use Linux. Well, by and large I am. But someone sent out a virus using my email as a return address – probably got it from someone else’s mailbox.


Never would’ve known about this unless some of this mail got rejected and bounced back to me.


So, really…what’s safe?

Well, there it is. Just a few minutes ago, I got two e-mails signed simply “son” that Norton assured me had the klez virus in them. Both worms have been quarantined. I guess it chooses names they think will persuade you that the e-mail is from family. Well, the joke’s on them, as I have but one son and he’s passed out on my chest after his late-night breast-feeding so he’s hardly likely to be sending me e-mail.

So am I to assume there’s more than a little likelihood that you are the infected party, Dale? I had wondered if I should be asking others who have my e-mail address. I wouldn’t mind so much if it was the lady who keeps sending me the emotional extortion and inspirational thought posts. At least she hasn’t tried to get me to forward that stupid cookie recipe yet. I sent her a link to snopes2 on her last one so maybe she’ll think twice…

What motivates people to invent
viruses? This question isn’t rhetorical.
I’m genuinely curious.
I would suppose that anybody with
enough intelligence to do such
a thing would have something
else to do. You can’t very well
take credit for your accomplishment. Is it sheer deviltry?
There seems to be a lot of ingenuity
spent buggering things up–to
what purpose? What’s in it for 'em?

edited

On 2002-07-28 06:25, jim stone wrote:
What motivates people to invent
viruses? This question isn’t rhetorical.
I’m genuinely curious.
I would suppose that anybody with
enough intelligence to do such
a thing would have something
else to do. You can’t very well
take credit for your accomplishment. Is it sheer deviltry?
There seems to be a lot of ingenuity
spent buggering things up–to
what purpose? What’s in it for 'em?

It’s the same thing that makes folks crash planes into skyscrapers in NYC. Figure that one out and you’ll have a handle on the computer virus thing.

Warning: long post, and possibly upsetting content, about the origins of computer viruses.

A lot of virus writers are youngsters who have a little computer talent and too much unsupervised time.

These are the kids who, had they been around 20 years ago, their parents would have gotten cable TV to act as a babysitter for their kids. The idea that you have to raise kids by spending time, lots of time with them, just never occurs to parents like that. Why? Well, their parents didn’t spend much time with them either, did they? So they are doing what has caused so much tragedy through human existence: raising their children the way they themselves were raised.

But there wasn’t much mischief you could really get into with cable TV. The Internet is different, and the “dark side” of Internet subculture is really going to appeal strongly to some kids. Some of these kids may also have the kind of brain that would make them a good programmer, and they start to find out and be fascinated by the kind of low-level information about how computers really work which most of the rest of the world would pay money not to have to try to learn. And they think it would be neat to “leave their mark” on the systems they crack, so they write virus code–but these days just writing an “I’m here” virus doesn’t get you much prestige in that culture, so they make it a little destructive and they make it capable of infecting other machines through email, or open shares, or mapped drives, or any one of a hundred other ways.

This is the “hacker” stereotype portrayed in the media, and I use the word “hacker” with revulsion, because that’s just not what the word means, the proper term is “cracker.”

More often though, the kid doesn’t have any real programming experience or talent, they just order a “virus kit” online from the many dark alleys of the internet. These kits allow someone to produce different types of commonly found viruses in a simple, “point and click” way. These kids are known in the industry as “script kiddies.”

These kids write the majority of viruses out there.

But then you have a virus like Klez, which by its complexity shows it wasn’t written by any script-kiddie or at-home dark-side hobbyist. These are sometimes produced by foreign governments or their agents, or by independent groups within foreign nations, and are used as a means of annoyance and attack on both our country and also against the fact of the existence of the Internet itself. Most governments, including our own, really wish the Internet would just go away. Governments, including our own, have historically controlled their people via the information (and dis-information) they release to them. The Internet has made this traditional type of control seem impossible. I say “seem” because evidently it still works pretty well in practice, thanks to the fact that most people are both gullible and “reasoning challenged.”

The Klez virus is believed to have originated somewhere in Asia.

Whoever used the term “terrorist” earlier in the discussion may have been more accurate than you might credit at first glance, at least regarding the origins of some of the most novel and destructive viruses found “in the wild.”

At work I encounter people of many different levels of experience with computers, everything from very talented programmers and analysts all the way down to nurses who think that “rebooting” means to power cycle your monitor.

Those who are not internet-savvy think it’s horrible when they find their teens have been looking at dirty pictures on the internet.

Those who are a little more aware of what kind of trouble a kid can really get into on the 'Net these days find their kids looking at porn and think, “Whew! Thank God he’s just looking at pictures of naked people!” :slight_smile:

Best wishes,

–James
http://www.flutesite.com


[ This Message was edited by: peeplj on 2002-07-28 10:10 ]

On 2002-07-28 06:25, jim stone wrote:
What motivates people to invent
viruses?

Well, some of them might be young enough to think it’s funny. Some viruses may be invented with a specific target by someone angry enough or heartless enough not to care who else they’re hurting. I was going to disagree with blackhawk about his idea on it, but really, I suppose with terrorists anything is possible. He was speaking more generally, I believe, but it still could be.

Oops, didn’t see your note, peeplj, I missed page 2.

What he said. :laughing:

I really don’t know whether or not I sent out any infected email, given what’s been said about all of it. When I scanned for viruses, it showed one infected file. The person that gave me details about the infected file they received said it came from chiffandfippleowner@yahoogroups.com which is an email address that I don’t actually use to send emails. (It’s a long story). So, who knows.

Thanks for the notes on McAfee vs. Norton. I’ll switch to McAfee!

Dale

Thanks for the answers.
I’ve lived abroad quite a lot and certainly
there is widespread envy
of the USA, and I suppose that could motivate
people to try to screw up the internet.
And yes I remember what it was like
to be 14 and amoral–we just stole things then. I suppose it’s more boys than girls.
‘Virus kits,’ eh? Sheesh!

Yes, it’s paradoxical–because the internet
really is pretty subversive by nature.
If you wanted to screw us up
you would do better to leave it alone.
Thanks to all.